diff options
| author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2020-09-24 16:24:08 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-24 16:24:08 +0100 |
| commit | 3f4a2a7064f79e77deaed8be96668020abef3c9d (patch) | |
| tree | 6251e639ff8412b2a831031e6c2ed9a808a42ba1 /synapse/config/saml2_config.py | |
| parent | Fix wording of deprecation notice in changelog (diff) | |
| download | synapse-3f4a2a7064f79e77deaed8be96668020abef3c9d.tar.xz | |
Hotfix: disable autoescape by default when rendering Jinja2 templates (#8394)
#8037 changed the default `autoescape` option when rendering Jinja2 templates from `False` to `True`. This caused some bugs, noticeably around redirect URLs being escaped in SAML2 auth confirmation templates, causing those URLs to break for users. This change returns the previous behaviour as it stood. We may want to look at each template individually and see whether autoescaping is a good idea at some point, but for now lets just fix the breakage.
Diffstat (limited to '')
| -rw-r--r-- | synapse/config/saml2_config.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py index cc7401888b..755478e2ff 100644 --- a/synapse/config/saml2_config.py +++ b/synapse/config/saml2_config.py @@ -169,8 +169,10 @@ class SAML2Config(Config): saml2_config.get("saml_session_lifetime", "15m") ) + # We enable autoescape here as the message may potentially come from a + # remote resource self.saml2_error_html_template = self.read_templates( - ["saml_error.html"], saml2_config.get("template_dir") + ["saml_error.html"], saml2_config.get("template_dir"), autoescape=True )[0] def _default_saml_config_dict( |